Employees received phishing and fake emails that purported to be official but contained malicious links. Other methods show threat actors taking advantage of forwarding rules to collect private information.<\/p>\n
Babuk Locker New Ransomware for 2021<\/h2>\n
Days into the new year, analysts have discovered a new form of ransomware<\/a> dubbed Babuk Locker. SHA256 has its origins in the US NSA, and ECDH is maintained through an anonymous key agreement scheme.<\/p>\n According to BleepingComputer, the threat actors behind Babuk Locker now have a list of victims worldwide, and their ransom demands are between $60,000 and $80,000 in bitcoin. The attacks seem customized to the victim and include a hardcoded extension, a Tor victim URL, and a ransom note.<\/p>\n 4 white-label posters to help you educate your end-users on how not to get hit by ransomware.<\/p>\n<\/div>\n Shareholders of the US government software provider SolarWinds Worldwide LLC are suing the company following the news in December that its Orion software was hacked. The lawsuit documents say that the former President, the Chief Executive Officer Kevin Thompson, and the Chief Financial Officer Barton Kalsu made \u201cfalse and\/or misleading\u201d statements in February, May, August, and November during regulatory filings with the US Securities and Exchange Commission.<\/p>\n Timothy Bremer, a shareholder of the company who bought shares in September and October, filed the suit. The extent of the hack may be greater than initially suggested, according to a report published on January 3rd<\/a>.<\/p>\n During the investigation into the SolarWinds hack, cybersecurity firm CrowdStrike discovered the malware used to inject backdoors into the Orion platform. The cybercriminals dropped the malware, called Sunspot<\/a> by CrowdStrike, into the development environment of SolarWinds\u2019 Orion IT management software.<\/p>\n The malware would monitor and automatically inject a Sunburst backdoor that would replace Orion\u2019s original source code with malicious code. The hackers\u2019 method was devised to avoid detection by the software developers and build teams.<\/p>\n Since the investigation into the hacking began, this is the third strain of malware that has been found.<\/p>\n Last week, CISA, the FBI, and the NSA issued a joint statement in which they stated that the Russian-backed Advanced Persistent Threat (APT) group was likely behind the attack. However, to date they haven\u2019t been able to verify the individual attackers.<\/p>\n
\nThis ransomware has its own implementation of SHA256 encryption, which is being called ChaCha8. It uses Elliptic-curve Diffie-Hellman (ECDH), which encrypts files and protects its keys for key generation.<\/p>\n![\"Poster](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/06\/Ransomware-Awareness-Poster-Pack-2.png\")
<\/div>\n![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/38530902-54cb-489c-9f02-772612f0072d.png\")
<\/a><\/span><\/span>\n<\/div>\n<\/div>\nSolarWinds Sued over Orion Software Hack<\/h2>\n
![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/eb8a7046-2e03-421f-8d52-d19a9a82d447.png\")
<\/a><\/span><\/span><\/div>\nNew Sunspot Malware Spotted<\/h2>\n
Mimecast Certificate Compromised by Hackers<\/h2>\n